package com.oneday.ashop.console.base.shiro.filter;

import com.oneday.ashop.core.base.util.StringUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 用户登录过滤器
 * user login filter
 * Created by admin on 2016/7/2.
 */
@Slf4j
public class BaseUserLoginFilter extends AuthorizationFilter {
    /**
     * 登陆的用户名
     */
    public static final String USER_NAME = "username";
    /**
     * 登陆的密码
     */
    public static final String PASS_WORD = "password";
    /**
     * 请求的用户名字
     */
    public static final String REQ_USER_NAME = "req_user_name";
    /**
     * 请求响应错误码
     */
    public static final String RESPONSE_CODE =  "code";
    /**
     * 请求响应错误描述
     */
    public static final String RESPONSE_DESC = "desc";


    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        String uri = ((HttpServletRequest)servletRequest).getRequestURI();
        log.info("进入过滤器:" + uri);
        HttpServletRequest request = (HttpServletRequest)servletRequest;
        //判断当前用户是否进行了身份验证
        if(SecurityUtils.getSubject().isAuthenticated()) {
            return true;
        }else { //未登录
            //判读当前请求是否是请求登陆页面
            if(isLoginRequest(servletRequest, servletResponse)) {
                return true;
            }
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            //生成用户对象
            Subject subject = SecurityUtils.getSubject();
            //进行登录
            try {
                subject.login(new UsernamePasswordToken(username, password));
            }catch (UnknownAccountException e) {
                log.info("用户[" + username + " ]用户名不存在！" + e);
                solveLogin((HttpServletRequest)servletRequest, (HttpServletResponse)servletResponse, username, password, "用户名不存在！");
                return false;
            }catch (IncorrectCredentialsException e) {
                log.info("用户[" + username + " ]密码错误！" + e);
                solveLogin((HttpServletRequest)servletRequest, (HttpServletResponse)servletResponse, username, password, "用户密码错误！");
                return false;
            }catch (LockedAccountException e) {
                log.info("用户[" + username + " ]被锁定！" + e);
                solveLogin((HttpServletRequest)servletRequest, (HttpServletResponse)servletResponse, username, password, "用户被锁定！");
                return false;
            } catch (AuthenticationException e) {
                log.info("用户[" + username + " ]登陆异常！" + e);
                solveLogin((HttpServletRequest)servletRequest, (HttpServletResponse)servletResponse, username, password, "登陆异常！");
                return false;
            }
            log.info("用户["+ username +"]登录成功！");
            request.setAttribute(REQ_USER_NAME, username);
            return true;
        }
    }

    /**
     *  统一处理登陆过程中的转发问题
     * @param request
     * @param response
     * @param username
     * @param password
     * @param desc
     * @throws ServletException
     * @throws IOException
     */
    public void solveLogin(HttpServletRequest request, HttpServletResponse response, String username, String password, String desc) throws ServletException, IOException {
        request.setAttribute(USER_NAME, username);
        request.setAttribute(PASS_WORD, password);
        request.setAttribute(RESPONSE_DESC, "登陆异常！");
        request.getRequestDispatcher("/").forward(request, response);
    }
}
